After a brief resurgence in Japan, Spinal Tap’s popularity plummeted again. The rock and roll group, widely recognized as England’s loudest band, was back to doing opening acts for a traveling puppet theater.

To get out of this death spiral, David St. Hubbins and Nigel Tufnel, the band’s leaders, used their chameleon-like powers of adaptation to move into new musical territory. Instead of hard-hitting rock music full of sophomoric sexual innuendo, the radically transformed band would now perform hard-hitting techno music full of sophomoric sexual innuendo. They rewrote some of their classic tunes to be more techno friendly, including "Big BIOS", "Tonight I’m Gonna Hack You Tonight", and "Gimme Some Root Sploits," all of which would be released on their new album, Sniff the Network.

To help win fans over to their new sound, the band set up a web site to serve up sample MP3s of their latest jams on the Internet. Although David and Nigel were closer than brothers, they didn’t see eye to eye on a choice of operating systems for the web site. Nigel was a hard-core Linux geek, while David was a Windows aficionado. After a renewed cycle of bickering, groupies, band break-ups, groupies, temporary reunions, and more groupies, the band settled on Windows 2000.

Tragically, within weeks, the web site system administrator hired by the band met with an untimely death, spontaneously combusting in a rare cubicle accident. Short on funds for hiring another web administrator, the band selected Nigel to run the web site, given his supposed in-depth technical knowledge (at least when compared with the rest of the band).

After taking over the web site, Nigel noticed that some intruder had replaced their breathtaking new music with songs performed by their nemesis, Duke Fame. Spinal Tap’s website had been defaced with no-talent wanker music! Nigel rapidly deleted Duke’s files, restoring Tap’s own content. But, after a couple of minutes, the lame music reappeared. The attacker must have put a backdoor on the system.

To investigate, Nigel logged in as an Administrator and invoked the Windows Task Manager by hitting CTRL+ALT+DEL and selecting "Task Manager". After clicking on the "Processes" tab and sorting it by "Image Name", Nigel saw the following window:

Although he was a Linux guy, Nigel thought that one of the running Windows processes seemed unusual; it appeared to be out of place. He selected the strange process and hit the "End Process" button. Unfortunately, Windows presented Nigel with this error message:

Nigel looked at the dialogue box quizzically, and exclaimed, "I get the sense of it… I just don’t understand it!"

Help Nigel make sense of his dilemma by answering the following questions. The best answers will win a prize:

1) Which process was most unusual and therefore most likely to be the backdoor planted on the machine?

2) How could Nigel determine whether this process was listening on a TCP or UDP port, the user name it was running under, and the file that was executed to invoke the process? Please list any built-in or third-party tools you would use to answer this question.
